Executives’ desire to not miss out on a competitive advantage is leading to security professionals losing track of workloads on the cloud, according to a new study from Symantec Corp.

Robert Arandjelovic, the director of product marketing for Symantec. Credit: Canadian Security Magazine

The report, which surveyed 1,250 security decision-makers across the globe, indicates that more than 53 per cent of computing workloads from enterprises have been moved to the cloud. That number is 48 per cent in Canada. The report’s findings also said that an overwhelming 93 per cent of those surveyed reported that they had issues keeping tabs on all of their cloud workloads and only 27 per cent believed they were capable of addressing all cloud security threats.

Canadian enterprises have been slower to adopt the cloud due to a pragmatic approach to innovation, according to the report. Symantec’s director of product marketing, Robert Arandjelovic, said that mindset has helped mitigate some of the problems around losing track of workloads.

“It’s more of a rational approach of not just saying ‘We’re going to do this and we’re going to figure it out as we go along.’ I think we tend to kind of look at things a little more level headed,” said Arandjelovic. “I spent a lot of time in Europe, and it feels like there’s a little more of a European pragmatism, in terms of ‘We will do things when we know we can do it right’ rather than ‘Let’s get going and get our competitive advantage’.”

Arandjelovic said when it comes to new technologies that are touted as revolutionary, executives who preside above the security decision-makers tend to push for these technologies to be implemented for fear of losing competitive advantage while sidestepping the opinion of their security experts.

“When you think of the cloud, it’s symbolic of this broader trend of digital transformation,” said Arandjelovic. “IT initiatives and digital projects in the past, they couldn’t do them without IT being heavily involved end-to-end… because you needed to spin up servers, you needed people doing oversight and getting things running. And then they had to do the day-to-day management of that. With the cloud, spinning up servers, managing them, and keeping them running on a day-to-day basis, that all goes away. All of a sudden… you don’t need any IT expertise.”

And because cloud servers require much less direct involvement IT and cybersecurity teams, it is possible to move ahead with it despite the pushback from those teams; which leads to its own security issues, he added.

“You get a lot of circumstances where they’re consulted only in superficial ways. They have gotten a reputation as the department where you can have this great idea that really transformed the business, but security is going to kind of rain on the parade, or make it more expensive, or delay it. For a lot of those reasons, you generally see that security isn’t always built-in or baked into the process. And we’re seeing it has to be nowadays.”